Cloud Platform

Cloud is a model for delivering computing services over a remote network. It is enabled by virtualization technology and features pay-as-you-go pricing for computing services. Along with the flexible billing comes elasticity in managing services on the cloud platform.

When designing a cloud architecture, we mainly look at:

Cloud landing zone

A successful cloud platform enables application teams to focus on business requirements. The backbone of a cloud platform is a landing zone, which typically addresses the security, networking and compliance requirements of the organization’s IT footprint in the cloud. Both AWS and Azure provide guidelines covering multiple options for deploying landing zones.

Storage design

Enterprise applications often have specific requirements for IOPS and throughput. Selecting a storage service in a cloud platform must also take into account high availability, disaster recovery and cost efficiency.

Networking design

Networking design has a profound impact on the security posture and must be well thought out. It sets the foundation for high availability and fault tolerance. Also, how traffic flows in and out of the system significantly affects the cost.

Infrastructure as code

There are three categories of infrastructure as code: those based on markup languages (ARM, CloudFormation), those based on general-purpose programming languages (Pulumi, AWS CDK), and those based on domain-specific languages (Terraform, Bicep). They offer different levels of flexibility and have different skill requirements.

More on cloud platform

  • Public Key Infrastructure 3 of 3 – PKI Implementation - After the last two posts, we can now focus on PKI implementation. The use case is software testing, where we need to create and recycle a lot of short-lived certificates. Typically, we don't have to create public certificates because the testing workload is internal. Also, hosting a public CA is much…
  • AWS Systems Manager is an Omnipotent Hodgepodge - Introduction to Systems Manager AWS Systems Manager addresses a lot of SysOps requirements for configuration management, including server automation. In this domain, there is another AWS service called OpsWorks. However, with OpsWorks Stack, OpsWorks Chef and OpsWorks Puppet all coming EOL in 2024, the entire OpsWorks service is mostly deprecated.…
  • Orchestrate Landing Zone with Landing Zone Accelerator on AWS - As a continuation to the last post, we explore the Landing Zone Accelerator on AWS (LZA) as an orchestration tool in this post. LZA borrows a lot from the ASEA, an accelerator project to deploy the security reference architecture (SRA). LZA is a multi-purpose project that consists of both the…
  • Landing Zone in Azure – Introduction - I recently renewed my associate administrator certification, and feel it's a good opportunity to brush up on Azure landing zone. The lame part of this is the semantics. I found many similar terms across cloud service providers (CSPs). In the context of Azure, it makes sense to clarify the terms…
  • Computing services: from PaaS to Serverless - Silicon Valley startups in the mid-2000s likely did not run their own IT operations (i.e. renting their own data centre spaces, purchasing their own rack-mounted servers). Since the launch of EC2, AWS has been renting extra computing capacity to those startups, in the IaaS model. The leased infrastructure requires maintenance work,…

Contact Digi Hunch for Professional Services.